Fix certificate management with service-mod

Adding or removing certificates from a service via --addattr or --delattr is broken. Get certificates from entry_attrs instead of options. https://fedorahosted.org/freeipa/ticket/4238 Reviewed-By: Martin Basti <mbasti@redhat.com>
author: Fraser Tweedale <ftweedal@redhat.com> 2015-06-03 02:49:28 -0400
committer: Jan Cholasta <jcholast@redhat.com> 2015-06-03 17:53:56 +0000
commit: 62e98671142cbc30366109a2a1b631c1ef0cae5c (patch)
tree: f281d7f578b57c977f18f7205d621e2fbca2348c /ipalib/plugins/service.py
parent: b6924c00ab0ebeaeb62a2ebfbf1ba04494713c5e (diff)
download: freeipa-62e98671142cbc30366109a2a1b631c1ef0cae5c.tar.gz
freeipa-62e98671142cbc30366109a2a1b631c1ef0cae5c.tar.xz
freeipa-62e98671142cbc30366109a2a1b631c1ef0cae5c.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/ipalib/plugins/service.py b/ipalib/plugins/service.py
index d8bd03523..2d34eac7d 100644
--- a/ipalib/plugins/service.py
+++ b/ipalib/plugins/service.py
@@ -598,7 +598,7 @@ class service_mod(LDAPUpdate):
         (service, hostname, realm) = split_principal(keys[-1])
 
         # verify certificates
-        certs = options.get('usercertificate') or []
+        certs = entry_attrs.get('usercertificate') or []
         certs_der = map(x509.normalize_certificate, certs)
         for dercert in certs_der:
             x509.verify_cert_subject(ldap, hostname, dercert)
author	Fraser Tweedale <ftweedal@redhat.com>	2015-06-03 02:49:28 -0400
committer	Jan Cholasta <jcholast@redhat.com>	2015-06-03 17:53:56 +0000
commit	62e98671142cbc30366109a2a1b631c1ef0cae5c (patch)
tree	f281d7f578b57c977f18f7205d621e2fbca2348c /ipalib/plugins/service.py
parent	b6924c00ab0ebeaeb62a2ebfbf1ba04494713c5e (diff)
download	freeipa-62e98671142cbc30366109a2a1b631c1ef0cae5c.tar.gz freeipa-62e98671142cbc30366109a2a1b631c1ef0cae5c.tar.xz freeipa-62e98671142cbc30366109a2a1b631c1ef0cae5c.zip